@z1haze z1haze commented Jun 2, 2025

Summary

TLDR: fixes #350

For some reason, the library doesn't include the refresh token when saving the access token during client_credentials flows, but it does for the authorization_code flow. In the event that you need to generate tokens for anonymous users (guests), the client credentials grant is necessary, and the refresh token should be provided.

Linked issue(s)

#350

Involved parts of the project

client_credentials grant flow

Added tests?

No tests

OAuth2 standard

https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.17 (page 44)
https://www.oauth.com/oauth2-servers/access-tokens/access-token-response/ (refresh token section)

Reproduction

Issue a token using the client_credentials grant and see that the refresh token now exists, as it does for the authorization_code grant.

@jankapunkt
Member

@z1haze can you please run the tests and check for the failures? If this is a breaking change then we need to get deeper into this again, because we'd like to avoid breaking until 100% necessary.

@z1haze
Author

z1haze commented Sep 30, 2025

Hi @jankapunkt, where did you see a failure?

@jankapunkt
Member

Tests fail with some errors on Node 22: https://github.com/node-oauth/node-oauth2-server/actions/runs/18139166610/job/51696007624?pr=351

Can you replicate this when running the tests locally?

Development

Successfully merging this pull request may close these issues.

refresh_token missing for client_credentials grant
